LEGAL

Privacy Policy

Last updated: March 30, 2026

1. Information We Collect

Account Information

If you create an account, we collect your email address and a hashed password (managed by Supabase). We do not store passwords in plain text.

Location Data

When you use WhatNext, you may provide a city name, ZIP code, or allow browser geolocation. Location is used only to generate plan recommendations and is not stored on our servers beyond the active session.

Usage Data

If you consent to analytics, we use Google Analytics to collect anonymized usage data such as pages visited, features used, and general location derived from IP address. We do not collect precise geolocation through analytics.

Saved Plans

If you save a plan, the plan details (such as venue names and addresses) are stored in your account. No personal preferences beyond what you explicitly save are retained.

2. How We Use Your Information

We use your information to:

  • Generate personalized activity and date plan recommendations
  • Store and retrieve your saved plans when you have an account
  • Improve the application using anonymized usage patterns (with your consent)

3. Information Sharing

We do not sell, rent, or trade your personal information.

We only share data with the following service providers to operate WhatNext:

  • Supabase: authentication and database hosting
  • Google: Places API for venue data and Google Analytics for anonymized usage data (with consent)
  • Ticketmaster and Eventbrite: event listings. No personal user data is shared with these services.

4. Cookies and Tracking

WhatNext uses Google Analytics cookies only if you provide consent through the cookie banner. You can withdraw consent at any time by clearing your browser data.

We do not use advertising cookies or third-party tracking pixels.

5. Your Rights

You have the right to:

  • Access your saved data through the "My Plans" feature
  • Delete saved plans at any time
  • Request deletion of your account by contacting us
  • Opt out of analytics tracking by declining cookies or clearing browser data

California Residents: You have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected and the right to request deletion of that information.

6. Children's Privacy (COPPA)

WhatNext is not intended for children under the age of 13.

We do not knowingly collect personal information from children under 13. If we learn that we have collected information from a child under 13, we will delete it promptly.

7. Data Security

We use industry-standard security measures including:

  • HTTPS encryption
  • Secure authentication through Supabase
  • Row Level Security (RLS) on our database
  • Rate limiting
  • Input validation

API keys are stored securely and are never exposed to the client.

8. Data Retention

  • Saved plans remain in your account until you delete them or request account deletion.
  • Analytics data is retained according to Google Analytics standard retention policies (currently 14 months).
  • Temporary server caches automatically expire.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date.

10. Contact

For privacy-related questions or requests, contact us through the feedback form within the WhatNext application or by emailing the application administrator.

[email protected]